SQL2008禁止某些IP访问, 记录外网访问的触发器处理机制
2013-04-28 11:41
USE [master]
GO
-- Deny list read by the tr_LoginCheck logon trigger: one row per blocked client address.
-- NOTE(review): [IP] is nvarchar(15), which fits a dotted IPv4 string but not an IPv6
-- address, so a client that connects over IPv6 cannot be listed here.
CREATE TABLE [dbo].[ForbiddenIP]
(
    [IP]       nvarchar(15) NOT NULL,   -- blocked client address, matched as an exact string
    [说明]     nvarchar(50) NULL,       -- free-text description of the entry
    [设定时间] datetime     NULL        -- time the entry was added; defaults to getdate()
        CONSTRAINT [DF_ForbiddenIP_设定时间] DEFAULT (getdate()),
    CONSTRAINT [PK_ForbiddenIP] PRIMARY KEY CLUSTERED ([IP] ASC)
        WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
-- Log table for logons from outside the internal network; rows are written by the
-- tr_login logon trigger.
-- NOTE(review): the table has no key or index, and the varchar(30) columns are narrower
-- than the sysname values the trigger reads, so long names are stored truncated.
CREATE TABLE [dbo].[loginlog]
(
    [loginame]  varchar(30) NULL,   -- LoginName from the LOGON event
    [ipaddress] varchar(40) NULL,   -- ClientHost from the LOGON event
    [spid]      int         NULL,   -- session id of the connection
    [hostname]  varchar(30) NULL,   -- host_name from sys.dm_exec_sessions
    [logtime]   datetime    NULL    -- getdate() at the time of the insert
) ON [PRIMARY]
GO
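-- Logon audit trigger: writes one row to master.dbo.loginlog for every logon whose
-- client address is not treated as internal.
--
-- "Internal" here means: an address starting with 192.168, the loopback address,
-- a local connection (ClientHost = '<local machine>'), or the literal 'servername'.
--   * 'servername' is a placeholder from the original article; replace it with the
--     value your own server reports, or remove it.
--   * Other private ranges (10.0.0.0/8, 172.16.0.0/12) are NOT excluded and will be
--     logged as external.
--
-- NOTE(review): the trigger runs WITH EXECUTE AS 'sa', i.e. with sysadmin rights on
-- every logon. A dedicated login limited to INSERT on the log table and
-- VIEW SERVER STATE would presumably be enough; confirm before changing.
-- NOTE(review): an unhandled error in a logon trigger makes the logon fail for
-- everyone it fires for. Keep a Dedicated Administrator Connection (or a start in
-- minimal configuration, -f) available so the trigger can be disabled if it breaks.
CREATE TRIGGER [tr_login] ON ALL SERVER WITH EXECUTE AS 'sa'
FOR LOGON
AS
BEGIN
    DECLARE @loginame  varchar(30),
            @ipaddress varchar(40),   -- same width as loginlog.ipaddress, so longer (IPv6) addresses are not cut at 30
            @spid      int,
            @hostname  varchar(30);

    -- Pull the login name, client address and session id out of the LOGON event XML.
    SELECT @loginame  = EVENTDATA().value('(/EVENT_INSTANCE/LoginName)[1]', 'sysname'),
           @ipaddress = EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'sysname'),
           @spid      = EVENTDATA().value('(/EVENT_INSTANCE/SPID)[1]', 'int');

    -- Local connections report ClientHost as '<local machine>'; without it in the
    -- list they would be recorded as external access.
    IF ((SUBSTRING(@ipaddress, 1, 7) <> '192.168')
        AND (@ipaddress NOT IN ('127.0.0.1', '<local machine>', 'servername')))
    BEGIN
        -- host_name is reported by the client itself, so treat it as a hint, not as proof.
        SELECT @hostname = [host_name]
        FROM sys.dm_exec_sessions
        WHERE session_id = @spid;

        BEGIN TRY
            INSERT INTO master.dbo.loginlog (loginame, ipaddress, spid, hostname, logtime)
            VALUES (@loginame, @ipaddress, @spid, @hostname, GETDATE());
        END TRY
        BEGIN CATCH
            -- Logging is best effort: a failed insert must not block the logon.
            -- PRINT output from a logon trigger goes to the SQL Server error log.
            -- The message text means "error writing log".
            PRINT '写入日志错误'
        END CATCH
    END
END
GO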
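-- Logon deny-list trigger: rejects the connection when the client address is listed
-- in master.dbo.ForbiddenIP.
--
-- The table is referenced by its three-part name so the lookup does not depend on the
-- database context of the connecting session, and identifier casing is consistent
-- (@IP, [IP]) so the trigger also compiles on a case-sensitive collation.
--
-- NOTE(review): there is no EXECUTE AS clause, so the lookup runs as the connecting
-- login. A login without SELECT permission on master.dbo.ForbiddenIP would get an
-- error here, and an error in a logon trigger fails that logon. Verify permissions
-- (or add an execution context) before enabling this on a shared server.
-- NOTE(review): ClientHost is read as varchar(15), so only IPv4 addresses can match;
-- an IPv6 client is never blocked by this list.
-- NOTE(review): ROLLBACK also undoes table writes made earlier in the same logon
-- transaction, so a row that tr_login inserted for this attempt is presumably lost.
-- If denied attempts must be auditable, record them another way and confirm by test.
CREATE TRIGGER [tr_LoginCheck]
ON ALL SERVER
FOR LOGON
AS
BEGIN
    DECLARE @IP varchar(15);

    SET @IP = EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'varchar(15)');

    -- Rolling back the implicit logon transaction is what denies the connection.
    IF EXISTS (SELECT * FROM master.dbo.ForbiddenIP WHERE [IP] = @IP)
        ROLLBACK TRAN;
END
GO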
GO
-- Deny list read by the tr_LoginCheck logon trigger: one row per blocked client address.
-- NOTE(review): [IP] is nvarchar(15), which fits a dotted IPv4 string but not an IPv6
-- address, so a client that connects over IPv6 cannot be listed here.
CREATE TABLE [dbo].[ForbiddenIP]
(
    [IP]       nvarchar(15) NOT NULL,   -- blocked client address, matched as an exact string
    [说明]     nvarchar(50) NULL,       -- free-text description of the entry
    [设定时间] datetime     NULL        -- time the entry was added; defaults to getdate()
        CONSTRAINT [DF_ForbiddenIP_设定时间] DEFAULT (getdate()),
    CONSTRAINT [PK_ForbiddenIP] PRIMARY KEY CLUSTERED ([IP] ASC)
        WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
-- Log table for logons from outside the internal network; rows are written by the
-- tr_login logon trigger.
-- NOTE(review): the table has no key or index, and the varchar(30) columns are narrower
-- than the sysname values the trigger reads, so long names are stored truncated.
CREATE TABLE [dbo].[loginlog]
(
    [loginame]  varchar(30) NULL,   -- LoginName from the LOGON event
    [ipaddress] varchar(40) NULL,   -- ClientHost from the LOGON event
    [spid]      int         NULL,   -- session id of the connection
    [hostname]  varchar(30) NULL,   -- host_name from sys.dm_exec_sessions
    [logtime]   datetime    NULL    -- getdate() at the time of the insert
) ON [PRIMARY]
GO
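-- Logon audit trigger: writes one row to master.dbo.loginlog for every logon whose
-- client address is not treated as internal.
--
-- "Internal" here means: an address starting with 192.168, the loopback address,
-- a local connection (ClientHost = '<local machine>'), or the literal 'servername'.
--   * 'servername' is a placeholder from the original article; replace it with the
--     value your own server reports, or remove it.
--   * Other private ranges (10.0.0.0/8, 172.16.0.0/12) are NOT excluded and will be
--     logged as external.
--
-- NOTE(review): the trigger runs WITH EXECUTE AS 'sa', i.e. with sysadmin rights on
-- every logon. A dedicated login limited to INSERT on the log table and
-- VIEW SERVER STATE would presumably be enough; confirm before changing.
-- NOTE(review): an unhandled error in a logon trigger makes the logon fail for
-- everyone it fires for. Keep a Dedicated Administrator Connection (or a start in
-- minimal configuration, -f) available so the trigger can be disabled if it breaks.
CREATE TRIGGER [tr_login] ON ALL SERVER WITH EXECUTE AS 'sa'
FOR LOGON
AS
BEGIN
    DECLARE @loginame  varchar(30),
            @ipaddress varchar(40),   -- same width as loginlog.ipaddress, so longer (IPv6) addresses are not cut at 30
            @spid      int,
            @hostname  varchar(30);

    -- Pull the login name, client address and session id out of the LOGON event XML.
    SELECT @loginame  = EVENTDATA().value('(/EVENT_INSTANCE/LoginName)[1]', 'sysname'),
           @ipaddress = EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'sysname'),
           @spid      = EVENTDATA().value('(/EVENT_INSTANCE/SPID)[1]', 'int');

    -- Local connections report ClientHost as '<local machine>'; without it in the
    -- list they would be recorded as external access.
    IF ((SUBSTRING(@ipaddress, 1, 7) <> '192.168')
        AND (@ipaddress NOT IN ('127.0.0.1', '<local machine>', 'servername')))
    BEGIN
        -- host_name is reported by the client itself, so treat it as a hint, not as proof.
        SELECT @hostname = [host_name]
        FROM sys.dm_exec_sessions
        WHERE session_id = @spid;

        BEGIN TRY
            INSERT INTO master.dbo.loginlog (loginame, ipaddress, spid, hostname, logtime)
            VALUES (@loginame, @ipaddress, @spid, @hostname, GETDATE());
        END TRY
        BEGIN CATCH
            -- Logging is best effort: a failed insert must not block the logon.
            -- PRINT output from a logon trigger goes to the SQL Server error log.
            -- The message text means "error writing log".
            PRINT '写入日志错误'
        END CATCH
    END
END
GO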
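-- Logon deny-list trigger: rejects the connection when the client address is listed
-- in master.dbo.ForbiddenIP.
--
-- The table is referenced by its three-part name so the lookup does not depend on the
-- database context of the connecting session, and identifier casing is consistent
-- (@IP, [IP]) so the trigger also compiles on a case-sensitive collation.
--
-- NOTE(review): there is no EXECUTE AS clause, so the lookup runs as the connecting
-- login. A login without SELECT permission on master.dbo.ForbiddenIP would get an
-- error here, and an error in a logon trigger fails that logon. Verify permissions
-- (or add an execution context) before enabling this on a shared server.
-- NOTE(review): ClientHost is read as varchar(15), so only IPv4 addresses can match;
-- an IPv6 client is never blocked by this list.
-- NOTE(review): ROLLBACK also undoes table writes made earlier in the same logon
-- transaction, so a row that tr_login inserted for this attempt is presumably lost.
-- If denied attempts must be auditable, record them another way and confirm by test.
CREATE TRIGGER [tr_LoginCheck]
ON ALL SERVER
FOR LOGON
AS
BEGIN
    DECLARE @IP varchar(15);

    SET @IP = EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'varchar(15)');

    -- Rolling back the implicit logon transaction is what denies the connection.
    IF EXISTS (SELECT * FROM master.dbo.ForbiddenIP WHERE [IP] = @IP)
        ROLLBACK TRAN;
END
GO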